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Abstract 

A scheme for pseudo-random binary sequence generation based on the 
two-dimensional discrete-time Henon map is proposed. Properties of the 
proposed sequences pertaining to hnear complexity, linear complexity pro- 
file, correlation and auto-correlation are investigated. All these properties 
of the sequences suggest a strong resemblance to random sequences. Re- 
sults of statistical testing of the sequences are found encouraging. An 
attempt is made to estimate the keyspace size if the proposed scheme is 
used for cryptographic applications. The keyspace size is found to be large 
and is dependent on the precision of the computing platform used. 

Keywords: Chaos, nonlinear difference equations, random number gen- 
eration, stream ciphers, cryptography. 



1 Introduction 

Pseudo-random number sequences are useful in many applications including 
monte-carlo simulation, spread spectrum communications, steganography and 
cryptography. Conventionally, pseudo-random sequence generators based on lin- 
ear congruential methods and feedback shift-registers are popular |Knuth 1998J . 
For cryptographic applications, several algorithms such as ANSI X9.17 and FIPS 
186 are found to be popular jMenezes et al 1997| . In recent times, several re- 
searchers have been exploring the idea of using chaotic dynamical systems for 
thisnurr^ose |Falcioni et al. 2nnfillKoca,re.v 2nnillWoodcock fc Smart 1998^. The 
random-like, unpredictable dynamics of chaotic systems, their inherent deter- 
minism and simplicity of realization suggests their potential for exploitation as 
pseudo-random number generators. 

Cryptographic schemes based on chaos have been classified as 1) discrete- 
time discrete- value schemes 2) discrete-time continuous-value schemes and 3) 
continuous-time continuous-value schemes |Dachselt fc Schwarz 2001] . All con- 
ventional cryptographic schemes act on discrete symbols such as bits, integers, 
characters and symbols and can be grouped into the first category, that of 
discrete-time discrete-value schemes. In this paper, a scheme for obtaining a 
pseudo-random binary sequence from the two-dimensional chaotic Henon map 
is explored. Needless to say, since the sequence is a discrete-time discrete- value 
signal, any cryptographic application of the same can be grouped under the first 
of the three classes mentioned above. 



2 The Henon Map 

An A^-dimensional discrete-time dynamical system is an iterative map / : 5ft^ — > 
3?^ of the form 

Xk+i^nxk) , (1) 

where k — 0,1,... is the discrete time and X G 3ff^ is the state. Start- 
ing from Xq, the initial state, repeated iteration of Q gives rise to a se- 
ries of states known as an orbit. An example is the Henon map, a two- 
dimensional discrete-time nonlinear dynamical system represented by the state 
equations |Henon 19761 [Alhgood e^ al 1997| [Peitgen et al 2004| IKumar 19961 



KJnitchtield et al 19861 ITjleick 1997| 



Xk+i = ~(^x\ + y/c + 1 , 
Uk+i = Pxk ■ 



(2) 



Here, {x, y) is the two-dimensional state of the system. The state-plane diagram 
for a = \A and /? = 0.3 for this map is shown in Fig. ^ The diagram is a 
strange attractor popularly known as the Henon attractor. 

In this paper, the Henon map shall be considered a representative example 
of 2-dimensional chaotic maps for the generation of pseudorandom sequences. 

0.4 
0.3 
02 
0.1 

^ 
■0.1 
-0.2 
-0.3 
-0.4 




-1.5 



0.5 



Figure 1: The Strange Attractor of Henon 



3 Pseudorandom Sequence Generation Scheme 

Generating a pseudorandom binary sequence from the orbit of a chaotic map 
essentially requires mapping the state of the system to {0, 1}. For the Henon 

and hy derived respectively from the x and y 

(3) 
(4) 



map, consider the two bits h^ 
state- variables as follows: 
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if 


X> Tx 





if 


X < Tx 


1 


if 


y>Ty 





if 


y<Ty 



Here, Tx and Ty are appropriately chosen threshold values for state-variables x 
and y. Tx should be chosen such that the likelihood of x > r^; is equal to that 
of a; < Tx- The median of a large set of numbers has precisely this property. 
Therefore, we choose Tx as the median of a large number (T) of consecutive 
values of x. Similarly, we assign to Ty, the value of the median of T consecutive 
values of y. Thus, two streams of bits Sx = {bl.}._^ and Sy = {by} ■_■. are 
obtained from the map. Consider the bit-stream Bx formed by choosing every 
Pth bit of Sx, i.e., Bx = {b^^} _ . Consider the similarly formed bit-stream 
By = {by^} ._.■ Let us denote the jth bit of these two sequences respectively 



as Bx (j) and By (j). Then, the pseudo-random output bit O is chosen as per 
the foUowing rule: 



n (^\ _ ) ^x yj) n Uyyj - ^) -KJ dim Uyyj - Lj - L , 



s. (J) 


if 


By (.1 


-2) = 


= and By {j - 


-1) = ; 


s. (J) 


if 


By U - 


-2). 


- and By {j - 


-i) = i ; 


i^y (J) 


if 


By U - 


-2)-- 


- 1 and By {j - 


-l)-0 ; 


i^y (J) 


if 


By {j - 


-2)-- 


- 1 and By ij - 


~1) = 1 . 



Here, B^ and By respectively denote the logical inverse of B^ and By. For 
j = 0, By (—2) and By (—1) can arbitrarily be assumed to be 0. 

The author has found that generated pseudorandom sequences have good 
statistical properties when P is large. The author has used P between 75 and 
5000 depending on the available time for computation and the length of the 
sequence required. In this paper, sequences generated using this method are 
called Henon map sequences. 

4 Linear Complexity Properties 

A Linear Feedback Shift Register (LFSR) is said to generate an A^-bit sequence 
W if for some initial state, the first N bits of the output sequence of the LFSR 
are the same as W iGolomb 1964, Golomb 1982| . The length of the shortest 
LFSR that generates W is known as its Linear Complexity. 

The author has measured the linear complexity of a large number of even- 
length Henon map sequences using the Berlekamp-Massey Algorithm (BMA) 
[Massey 1969| . The linear complexities obtained for each sequence- length were 
found to follow a certain probabilistic pattern. In particular, the probability of 
the linear complexity C of an A^-bit sequence being equal to c (c < A^) , when A^ 
is even, was found to be very close to 

P(C~c)-[ (O-Sf^'^^' if c<A^/2 ; 

P^^-^)-\ (o.5f-^' if c>A/2 . ^^^ 

To illustrate the correctness of this conjecture, the experimentally deter- 
mined distribution of linear complexities for 64-bit Henon map sequences is 
shown in figure [3 a) alongside the conjectured distribution in figure |2]b) that 
has been computed using © . The mean value of linear complexities obtained in 
this experiment was found to be 32.2083. The expectation of linear complexity 
for a 64-bit random sequence is 32.2222 and is found to be very close to that 
of the Henon map sequences jMenezes et al 1997| . The variance of linear com- 
plexities of 64-bit sequences obtained by experiment was 1.0811 against 1.0617 
for random sequences. 

Similarly, the probability of the linear complexity C assuming the value 
c{c < N) when A^ is odd was found to be very close to 



(0.5)^-^^+^ 


if 


c< (A^+l)/2 


(0.5)'^-^ 


if 


c> (A^+l)/2 



P^^-^^-]^ (^0,^fc-N .^ c>(Ar+l)/2 ! ^^^ 

Again, in fig. Ola), the experimental distribution is shown along with the 
experimentally determined distribution in fig. 13 b) for 65-bit Henon map se- 
quences. The experimentally measured mean of linear complexities of these se- 
quences was 32.7663 against the expected 32.7778 for random sequences. Also, 
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Figure 2: Probability Distribution of Linear Complexity: 64-bit sequences 



the measured variance of linear complexities stands at 1.1177 against 1.0617 for 
random sequences |Menezes et a,l 1997J . 
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Figure 3: Probability Distribution of Linear Complexity: 65-bit sequences 

Let W be an iV-bit binary sequence. Let Wi{i — 1,2, ... , N) denote the 
subsequence of W consisting of its first i bits. Let Ci denote the linear com- 
plexity of Wi. Then the sequence of linear complexities (Ci, C2, C3, . . . , Cn) is 
known as the linear complexity profile of W. For random sequences, the linear 
complexity profile is expected to be very close to the Ci — i/2 line (Menezes et 
al 1997). The linear complexity profile of a sample 553-bit sequence was deter- 
mined using the Berlekamp-Massey Algorithm. The obtained profile is shown 
in fig. Eland can be seen to be very close to the Ci = i/2 line. 
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Figure 4: Linear Complexity Profile 



5 Correlation Properties 



Consider two iV-bit binary sequences U and V. Let A be the number of bit-by- 
bit agreements between tlie two. Tlie number of bit-by-bit disagreements must 
be D = {N — A) . Then the correlation 6 of the two sequences is defined as 



^{U,V) = iA-D)/N 



(8) 



Theorem 1 If U and V are two N-bit random binary sequences, the probability 
of their correlation 6 assuming the value G is given by 



Pi 



0) 



-Ne^/2 



(9) 
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for even N, 
for odd N. 



The probability is zero for other values of Q. 



Proof: Since the probability of occurrence of a one is the same as the probability 
of occurrence of a zero in a truly random sequence, the probability of occurrence 
of an agreement [p = 0.5) is the same as the probability of occurrence of a 
disagreement {\ — p = 0.5) in a pair of such sequences. Therefore, the number 
of agreements A in a pair of such sequences is a random variable that follows the 
binomial distribution with mean ^ — N/2 and standard deviation a = \/N/2. 
Therefore 

P{A^r)^-jf. (10) 



Applying the Normal approximation to the binomial distribution [Keeping 1962| 
IRamasubramanian 1997] . 



P{A = r) 



Nn 



-2(r-N/2f/N 



(11) 



The correlation 9 is related to the number of agreements A as 

1. 



2A 



(12) 



As A e {0,1, 2,..., TV}, e {-l,(^-l),(^-l),...,l}. Therefore, 9 G 
{0,±f ,±^,...,±1} for eveniV and G {±i, ±f , ±|-, . . . , ±l} for odd iV. 
Clearly, the probability of 9 assuming any other value is zero. By (|ll(l and (|12|l . 
if 6 belongs to the above set of valid values. 



P{9 = e) = 



^-Ne^/2 



(13) 



which completes the proof. 

The correlation between pairs of Henon map sequences was experimentally 
determined and the probability distribution was found to be very close to that 
of ©. As an illustration, the probability distribution for 127-bit Henon map 
sequences and the expected distribution for random sequences are shown in Fig. 
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Figure 5: Probability Distribution of Correlation. The legend Random is used 
for a plot of (O 



The correlation of a sequence with a cyclic-shift of itself is known as its cyclic 
auto- correlation. Let W be an iV-bit sequence and W^ denote W cyclically right- 
shifted by j bits. Then the cyclic auto-correlation function of W is defined as 
R (j) = 9 (W, W^) . The (cychc) auto-correlation function of a random sequence 
is expected to be unity at j = and close to zero at all other values of j. This 
indeed was found to be the case with Henon map sequnces. The auto-correlation 
function of a 2000-bit Henon map sequence is shown in fig. In the figure, 
a negative value of shift signifies cyclic left-shifting by an amount equal to the 
magnitude. 
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Figure 6: Auto-Correlation Function 



6 Statistical Testing 

A number of sequences were generated by the algorithm and were subjected 
to statistical tests. The tests carried out were Menczcs ct al's basic tests of 
randomness jMenezes et al 1997J . FIPS 140-1 F IPS PUB 140-1 recommended 
battery of tests and National Institute of Standards and Technology (NIST) 
battery of tests [Rukhin et al 200T] . 

Menezes et al have proposed a set of five basic tests consisting of frequency 
test, serial test, poker test, runs test and auto-correlation test. While the first 
four tests were carried out once for a given sequence, the auto-correlation test 
was carried out for all possible shifted-versions of the sequence. The result of 
each test is a test statistic which is compared with a threshold value (one-sided 
test). The test results in a failure if the threshold is exceeded. The tests were 
carried out at a significance level of 0.01, hence 1% of failures were expected 
even for random sequences. 

FIPS 140-1 recommends a set of statistical tests for cryptographic random/ 
pseudorandom number generators. The tests are carried out on a bit-stream 
of 20,000 bits. The recommended tests are monobit, poker, runs and long-run 
tests. Each test is a two-sided test where a test-statistic is required to lie within 
an interval. Though FIPS 140-1 has subsequently been superceded by FIPS 
140-2 |FIPS PUB 140-2] . since the latter standard does not recommend any 
statistical tests for cryptographic random/ pseudorandom number generators, 
the author has used the older recommendations of FIPS 140-1 to evaluate Henon 
map sequences. 

NIST has forumulated a statistical test suite for random/ pseudo-random 
number generators to be used for cryptographic applications. The suite consists 
of a battery of sixteen tests namely 1) Frequency (monobit) test, 2) Frequency 
test within a block, 3) Runs test, 4) Test for longest run of ones in a block, 5) 
Binary matrix rank test, 6) Discrete Fourier Transform (spectral) test, 7) Non- 
overlapping template matching test, 8) Overlapping template matching test, 9) 
Maurer's universal statistical test, 10) Lempel-Ziv compression test, 11) Linear 
complexity test, 12) Serial test, 13) Approximate entropy test, 14) Cumulative 



sums test, 15) Random excursions test and 16) Random excursions variant test. 

7 Statistical Test Results 

7.1 Menezes et al's basic tests of randomness 

Two 128-bit sequences i?i and i?2 were generated using parameters shown in 
tabled The notation used for test-statistics is the same as those in (Menezes 
et al 1997). The statistic X^ of the auto-correlation test is a function of the 
value of the relative circular shift. In this case, the value of the relative circular 
shift is shown in brackets. For example, the statistic obtained by running the 
auto-correlation test on the sequence and its 3-shifted version is denoted by 
X^ (3). A similar notation is used for the statistic X3 of the poker test where 
X^ depends on the length of the non-overlapping sub-sequences. The results of 
the tests on the sequences are shown in tabic |5] 



Parameter 


Ri 


R2 


a 


1.40 


1.20 


P 


0.30 


0.30 


Xq 


-0.75 


-0.75 


Vo 


-0.02 


0.32 


By (-2) 








By i-l) 


1 


1 


P 


24 


24 


T 


1000 


1000 



Table 1: Parameters used for Menezes' test samples 



7.2 FIPS 140-1 

Testing for compliance with FIPS 140-1 is required to be carried out with se- 
quences of 20,000 bits. Five sequences Sx through 5*5 were generated using 
parameters shown in table O The results of the tests on the sequences are 
shown in tabled) 



7.3 NIST Statistical Test Suite 

For each test-run of the test-suite, a sequence of 2 x 10^ bits was generated 
and the test-suite was configured to consider this sequence as 200 sequences of 
1 X 10^ bits each. This set of 200 sequences was subjected to statistical testing 
in each case. In this manner, the distribution of failures could also be examined 
by the test-suite and appropriate analysis could be carried out. 

The test was carried out on two sets Ui and U2 of 200-samples each. The 
parameters used for generating these sets of sequences are shown in table |S1 

For a sample of 200 sequences, the minimum proportion of sequences required 
to pass all the tests of the suite other than the random excursions (variant) 
test is 0.968893. The proportion of sequences passing these tests was found to 
be larger than this threshold. For the random excursions (variant) test, the 



statistic 


Expected 


Ri 


Result (Ri) 


R2 


Result (R2) 


Xi 


< 6.634897 


0.125000 


Pass 


6.125000 


Pass 


X2 


< 9.210340 


0.213583 


Pass 


6.245079 


Pass 


^3(2) 


< 11.344867 


4.625000 


Pass 


7.625000 


Pass 


^3(3) 


< 18.475307 


1.809524 


Pass 


9.428571 


Pass 


Xi 


< 9.210340 


0.890713 


Pass 


5.373956 


Pass 


X5W 


1X5 (•)! < 2.326348 


0.443678 


Pass 


-0.088736 


Pass 


^6(2) 


1X5 (•)! < 2.326348 


0.178174 


Pass 


1.069045 


Pass 


^6(3) 


1X5 (Ol < 2.326348 


0.268328 


Pass 


-0.98387 


Pass 


^5(4) 


1X5 (Ol < 2.326348 


-1.257237 


Pass 


-0.179605 


Pass 


^6(5) 


Jfs (•)! < 2.326348 


-0.631169 


Pass 


-0.811503 


Pass 


^6(6) 


|X5(-)| < 2.326348 





Pass 


-0.724286 


Pass 


^5(7) 


Jfs (•)! < 2.326348 


0.272727 


Pass 


0.272727 


Pass 


^6(8) 


Jfs (•)! < 2.326348 


-0.730297 


Pass 


-0.912871 


Pass 


^5(9) 


|X5(-)| < 2.326348 


-0.09167 


Pass 


0.09167 


Pass 


X5 (10) 


1X5 (•)! < 2.326348 


1.288804 


Pass 





Pass 


X5 (11) 


|Jf5(-)l < 2.326348 


0.09245 


Pass 


-0.64715 


Pass 


X5 (12) 


Jfs (•)! < 2.326348 





Pass 





Pass 


X5 (13) 


Jfs (•)! < 2.326348 


0.466252 


Pass 


-0.466252 


Pass 


X5 (14) 


1X5 (Ol < 2.326348 


0.749269 


Pass 


-0.561951 


Pass 


X5 (15) 


Jfs (•)! < 2.326348 


-0.658505 


Pass 


-0.282216 


Pass 


X5 (16) 


1X5 (Ol < 2.326348 


0.188982 


Pass 


-0.377964 


Pass 


^5 (17) 


Jfs (•)! < 2.326348 


1.233905 


Pass 


-1.993232 


Pass 


X5 (18) 


1X5 (•)! < 2.326348 


0.381385 


Pass 


-2.097618 


Pass 


X5 (19) 


X5 (•)! < 2.326348 


-0.287348 


Pass 


-0.478913 


Pass 


X5 (20) 


1X5 (•)! < 2.326348 


-1.539601 


Pass 


-0.96225 


Pass 


Jf5 (21) 


|X5(-)| < 2.326348 


1.06341 


Pass 


-0.290021 


Pass 


^5 (22) 


pf5 (•)! < 2.326348 


0.194257 


Pass 


-1.748315 


Pass 


X5 (23) 


1X5 (•)! < 2.326348 


1.85421 


Pass 


-2.04939 


Pass 


X5 (24) 


|Jf5(-)l < 2.326348 


0.784465 


Pass 


0.392232 


Pass 


X5 (25) 


Jf5 (•)! < 2.326348 


1.280928 


Pass 


0.68973 


Pass 


X5 (26) 


|Jf5(-)l < 2.326348 


1.782266 


Pass 


-0.594089 


Pass 


X5 (27) 


|X5(-)| < 2.326348 


-0.298511 


Pass 


-0.298511 


Pass 


Jfs (28) 


Jfs (•)! < 2.326348 


-0.4 


Pass 


-1.8 


Pass 


X5 (29) 


|Jf5(-)l < 2.326348 


1.306549 


Pass 


1.105542 


Pass 


X5 (30) 


Jfs (•)! < 2.326348 


0.808122 


Pass 


0.606092 


Pass 


X5 (31) 


|X5(-)| < 2.326348 


1.929158 


Pass 


-0.507673 


Pass 


^5 (32) 


|X5(-)| < 2.326348 





Pass 


-0.408248 


Pass 


X5 (33) 


Jf5 (•)! < 2.326348 


-0.102598 


Pass 


0.307794 


Pass 


^6 (34) 


1X5 (Ol < 2.326348 





Pass 


-0.206284 


Pass 


Xi, (35) 


Jfs (•)! < 2.326348 


0.933257 


Pass 


-2.384989 


Fail 


X5 (36) 


|X5(-)| < 2.326348 


0.625543 


Pass 


-0.208514 


Pass 


X5 (37) 


|Jf5(-)l < 2.326348 


-0.314485 


Pass 


-0.943456 


Pass 


Xi, (38) 


Jf5 (•)! < 2.326348 


-0.843274 


Pass 


-1.897367 


Pass 


X5 (39) 


|Jf5(-)l < 2.326348 


-0.317999 


Pass 


-0.317999 


Pass 


X5 (40) 


Jf5 (•)! < 2.326348 


-1.918806 


Pass 


-0.639602 


Pass 


^6 (41) 


|Jf5(-)| < 2.326348 


1.393746 


Pass 


-0.964901 


Pass 


Jfs (42) 


1X5 (Ol < 2.326348 


-0.862662 


Pass 


0.215666 


Pass 


X5 (43) 


Jfs (•)! < 2.326348 


-0.325396 


Pass 


-0.325396 


Pass 


Jfs (44) 


|X5(-)| < 2.326348 


-1.309307 


Pass 


-0.872872 


Pass 


X5 (45) 


Jfs (•)! < 2.326348 


1.426935 


Pass 


-1.426935 


Pass 


X5 (46) 


|Jf5(-)l < 2.326348 


-0.441726 


Pass 


-0.220863 


Pass 


^6 (47) 


|Jf5(-)l < 2.326348 


-1 


Pass 


0.777778 


Pass 


X5 (48) 


Jfs (•)! < 2.326348 


-0.67082 


Pass 


-0.447214 


Pass 


X5 (49) 


|Jf5(-)l < 2.326348 


-1.237597 


Pass 


-1.012579 


Pass 


Xa (50) 


Jf5 (•)! < 2.326348 


0.452911 


Pass 


0.679366 


Pass 


^5 (51) 


Jfs (•)! < 2.326348 


-1.025645 


Pass 


0.797724 


Pass 


X5 (52) 


|Jf5(-)l < 2.326348 


-0.458831 


Pass 


0.458831 


Pass 


X5 (53) 


X5 (•)! < 2.326348 


-0.11547 


Pass 


-0.57735 


Pass 


X5 (54) 


|Jf5(-)l < 2.326348 


-0.464991 


Pass 


-1.394972 


Pass 


Xi, (55) 


\X5 (•) < 2.326348 


-0.819288 


Pass 


-0.117041 


Pass 


X5 (56) 


JCs (•) < 2.326348 


0.235702 


Pass 


-0.471405 


Pass 


Xs (57) 


|Jf5 {■)] < 2.326348 


-1.780172 


Pass 


0.593391 


Pass 


X5 (58) 


X5 (•)! < 2.326348 


-0.717137 


Pass 


0.239046 


Pass 


^5 (59) 


|Jf5(-)l < 2.326348 


-1.324244 


Pass 


-1.083473 


Pass 


X^ (60) 


\X5 (•)! < 2.326348 


-0.242536 


Pass 


0.242536 


Pass 


^5 (61) 


Jfs (•)! < 2.326348 


1.588203 


Pass 


-0.855186 


Pass 


X5 (62) 


X5 (•)! < 2.326348 


-0.246183 


Pass 


-1.723281 


Pass 


X5 (63) 


1X5 (•)! < 2.326348 


0.620174 


Pass 


0.124035 


Pass 


-^5 (64) 


X5 (•)! < 2.326348 


-0.5 


Pass 


0.5 


Pass 



Table 2: Testing for Menezes' Basic Tests of Randomness 



Parameter 


Si 


§2 


S3 


S4 


Ss 


a 


1.23 


1.40 


1.40 


1.40 


1.41 


P 


0.25 


0.25 


0.30 


0.30 


0.21 


Xo 


-1.0 


-1.0 


-1.0 


-1.0 


-1.0 


yo 


1.0 


1.0 


1.0 


1.0 


1.0 


By (-2) 

















By i-l) 


1 


1 


1 


1 


1 


p 


84 


84 


84 


24 


24 


T 


1000 


1000 


1000 


1000 


1000 



Table 3: Parameters used for FIPS 140-1 test samples 



Statistic 


Expected 


Si 


S2 


S3 


S4 


S5 


Til 


9654 < Til < 10346 


9938 


10107 


9944 


10099 


10020 


^3 


1.03 <X-i< 57.40 


17.25 


13.03 


12.98 


14.73 


6.66 


Bi 


2267 < Si < 2733 


2572 


2473 


2560 


2480 


2454 


Gi 


2267 < Gi < 2733 


2452 


2524 


2534 


2554 


2447 


B2 


1079 < S2 < 1421 


1192 


1231 


1200 


1286 


1268 


G2 


1079 < G2 < 1421 


1302 


1264 


1226 


1262 


1310 


S3 


502 < B3 < 748 


640 


643 


653 


636 


616 


G3 


502 < G3 < 748 


611 


577 


638 


582 


580 


B4 


223 < B4 < 402 


277 


319 


320 


312 


312 


G4 


223 < G4 < 402 


328 


315 


306 


336 


314 


S5 


90 < B5 < 223 


140 


165 


162 


150 


156 


G5 


90 < G5 < 223 


156 


165 


168 


148 


159 


Se 


90 < Be < 223 


180 


159 


134 


159 


164 


Ge 


90 < Ge < 223 


151 


146 


157 


142 


159 


Result 


Pass/Fail 


Pass 


Pass 


Pass 


Pass 


Pass 



Table 4: Testing for FIPS 140-1 



required minimum passing proportion was found to be 0.961540 and 0.962864 
for C/i and IJ2 respectively. U\ and IJ2 were found to meet this requirement also. 
The author has noticed, however, that some of the sequences that pass the FIPS 
140-1 and Menezes' tests do not pass the NIST suite of tests. For example, a 
set of sequences generated using the same parameters as Tl\ was found to fail 
in the NIST suite. The author has found that passing the NIST suite requires 
a more careful choice of the parameters. In this case, increasing the value of T 
to a sufficiently large value resulted in the sequences passing the NIST suite. 

8 Keyspace Size 

The properties of Henon map sequences presented in the preceding sections 
demonstrate that they are potential candidates for cryptographic applications. 
A Henon map sequence can be used, for example, can be directly Exclusive- 
ORed, bit-by-bit, with a data sequence of the same length. Such a cipher is 
popularly known as the Vernam Cipher [Kippenhahn 1999| IMoUin 200 1 | . The 
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Parameter 


Ui 


U2 


a 


1.40 


1.398 


/3 


0.30 


0.283 


Xo 


-1 


0.26 


ya 


1 


0.29 


By (-2) 








By i-l) 


1 


1 


p 


117 


111 


T 


1000 


1000 



Table 5: Parameters used for NIST test saraples 



values of a, (3,xo,yo and the sampling-factor P together can form the key. In 
this section, an attempt is made to estimate the size of the keyspace for such a 
cipher. 

The author has found that a in (1.16,1.41) and /3 in (0.2,0.3) are useful 
for generating sequences with the desired statistical properties. Also, we can 
assume xq to lie in (—1,1) and yo to He in (—0.35,0.35). P can be assumed 
within (80, 1000). Though these limits are in no way binding or accurate, they 
should give a reasonable estimate of the size of the keyspace. The size of the 
keyspace then depends on the precision of the computing platform on which 
the cipher algorithm is implemented. With 32-bit floating-point numbers of 
the IEEE format, the smallest possible increment (e) is £32 ~ 1.1921 x 10^^. 
With 64-bit floating-point numbers this value is egi ~ 2.2204 x 10~^^. Let a 
indicate the size of the interval over which a can span i.e. a = 1.41 — 1.16. Let 
f3,Xo,yo and P have correspondingly similar meaning. Since P is an integer, 
P = 1000 — 80. Then, the number of representable values of a on the applicable 
computing platform can be computed as Ka = a/e. Such a calculation can 
easily be carried out using logarithms. Similarly, Kp,Kxg and Ky^ can also be 
calculated. Kp = P. Since the parameters are used together, the size of the 
keyspace K — Ka x Kp x K^g x Ky^ x Kp. The logarithm of this figure, to the 
base 2, gives an estimate of the length of a single binary key which contains all 
the information required to generate the pseudo-random sequence. The value of 
log2 {K) for 32-bit and 64-bit precision was found to be 97 and 213 respectively. 
The size of the keyspace can be further increased by increasing the precision of 
floating-point representation. 

9 Concluding Remarks 

Though chaotic orbits of discrete-time maps are non-periodic in nature, because 
of finite precision of digital computers the orbits actually turn out to be periodic. 
The average period of an orbit of a two-dimensional map can be expected to 
be longer than that of a one-dimensional map. To overcome the inevitable 
periodicity in digital computation, Shujun et al have used simple LFSR-based 
perturbation generators to perturb the parameters of the dynamical systems 
used [Shujun et al 2001. . Though they have used perturbed one-dimensional 
maps in couple-chaotic-system-based pseudorandom sequence generators, the 
same technique should be directly applicable to the present algorithm and is a 
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feasible way of defeating the periodicity. 

The periodicity inherent in digital-computer implementations is not a prob- 
lem in maps realized on an analog-computer. The Henon map, due to its poly- 
nomial form, can be realized in the form of an electronic circuit using analog- 
multipliers, sample-and-hold blocks and operational amplifiers. Such a realiza- 
tion of the logistic map has already been studied ,Suneel 2006^ . The advantage 
of an analog realization of chaotic maps is that due to natural variations in 
circuit parameters and conditions, practically identical systems provided with 
practically identical conditions generate sequences that quickly diverge and be- 
come un-correlated within a short time. Therefore, such implementations may 
actually turn out to be truly random (as opposed to pseudorandom) sequence 
generators. 

The choice of the Henon map for the work in this paper was rather arbitrary. 
The author believes that similar results should also be attainable with other 
two-dimensional maps. 

The linear complexity and correlation properties of the proposed sequences 
suggest a strong similarity to random sequences. Results of statistical tests 
carried out confirm this further. A large size of the keyspace suggests strong 
candidature for cryptographic applications, especially for stream cipher cryptog- 
raphy. Possible cryptanalysis techniques for these sequences is an open subject. 
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